You've set up SSL and configured Nginx, but Odoo is still serving mixed content warnings, generating HTTP links in emails, or redirecting portal users back to HTTP. These are among the most common post-SSL-setup issues — and all of them have specific, fixable root causes.
Root Cause: Odoo Doesn't Know It's Behind HTTPS
Odoo runs on a plain HTTP socket (port 8069 by default). When you put Nginx in front of it, Nginx terminates SSL and proxies plain HTTP traffic to Odoo. Unless you configure both Nginx and Odoo correctly, Odoo has no way to know the original request came in over HTTPS — so it generates HTTP links everywhere.
Fix 1: Enable proxy_mode in Odoo
This is the single most important setting. In /etc/odoo/odoo.conf:
proxy_mode = TrueWith proxy_mode = True, Odoo reads the X-Forwarded-Proto header set by Nginx to determine whether the original request was HTTP or HTTPS. Without this, Odoo ignores the header entirely and assumes HTTP.
Restart Odoo after this change:
sudo systemctl restart odoo
# or Docker:
docker compose restart odooFix 2: Set X-Forwarded-Proto in Nginx
Verify your Nginx config passes the protocol header to Odoo. In your Nginx server block:
location / {
proxy_pass http://127.0.0.1:8069;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; # <-- This line is critical
}$scheme resolves to https when Nginx received the request over SSL, and http otherwise. If this header is missing, proxy_mode = True cannot help.
Fix 3: Update web.base.url
Odoo stores a base URL used for generating links in emails, payment redirects, and portal access. If this was set before you enabled SSL, it still points to http://.
Go to Settings > Technical > Parameters > System Parameters (enable developer mode first) and find web.base.url. Update it to your HTTPS domain:
https://yourdomain.comNo trailing slash. The change takes effect immediately — no restart needed.
You can also set this via the Odoo shell:
sudo -u odoo odoo shell -d mydb
env['ir.config_parameter'].set_param('web.base.url', 'https://yourdomain.com')Fix 4: Clear the web.base.url.freeze Flag
Odoo has a secondary parameter, web.base.url.freeze, that prevents automatic updates to web.base.url. If this is set to True, Odoo won't update the base URL even when it detects a different domain. Check for it in System Parameters and delete it (or set it to False) if present.
Fix 5: Diagnose Mixed Content Errors
Mixed content errors occur when an HTTPS page loads resources over HTTP. Open your browser's developer console (F12) on an Odoo page showing a mixed content warning. The Console tab shows blocked resources with their full URLs.
Common sources of mixed content in Odoo:
- Hardcoded HTTP in email templates: Check your custom email templates in Settings > Email > Templates. Search for
http://and replace withhttps://or use the{{base_url}}variable. - Hardcoded HTTP in website pages: Use the Odoo website builder's HTML editor or search in website blocks for
http://yourdomain.com. - External resources over HTTP: Scripts or stylesheets loaded from third-party HTTP URLs. Update these to their HTTPS equivalents or host them locally.
- Odoo modules with hardcoded URLs: Some third-party modules hardcode base URLs. Search your custom module XML and Python files for
http://.
Fix 6: Payment Provider Callback URLs
If you use Stripe, PayPal, or another payment provider, verify that the webhook and return URLs configured in the payment provider's dashboard use HTTPS. Odoo generates these URLs based on web.base.url, so fixing that (Fix 3) usually resolves this automatically.
For Stripe: Dashboard > Developers > Webhooks — confirm all endpoint URLs start with https://.
Step-by-Step Verification Checklist
- Check
/etc/odoo/odoo.confforproxy_mode = True - Check Nginx config for
proxy_set_header X-Forwarded-Proto $scheme; - Verify
web.base.urlin System Parameters starts withhttps:// - Open browser console on your Odoo instance and check for mixed content errors
- Send a test email from Odoo and verify all links are HTTPS
- Test a payment flow end-to-end
How DeployMonkey Prevents HTTPS Issues
DeployMonkey configures proxy_mode, X-Forwarded-Proto, and web.base.url automatically when provisioning an instance. SSL is terminated at the Nginx layer with correct headers, and Odoo is configured to trust the proxy from the first boot. You never have to debug mixed content warnings. Try DeployMonkey free.
Frequently Asked Questions
Why does Odoo redirect me from HTTPS to HTTP?
This almost always means proxy_mode = True is not set, or X-Forwarded-Proto is not being passed by Nginx. Odoo thinks it's on HTTP and redirects accordingly. Apply Fixes 1 and 2 above.
My web.base.url is already set to HTTPS but emails still have HTTP links. Why?
Check whether web.base.url.freeze is set to True in System Parameters — this can lock the URL. Also check individual email templates for hardcoded http:// strings that override the base URL variable.
Does setting proxy_mode = True create any security risk?
Only if Odoo is directly accessible on port 8069 from the internet. With proxy_mode = True, Odoo trusts the X-Forwarded-For and X-Forwarded-Proto headers. If an attacker can reach Odoo directly, they can spoof these headers. Always block port 8069 from external access with a firewall rule — see Odoo security best practices.
How do I fix mixed content from third-party Odoo modules?
Search module source files for hardcoded HTTP URLs: grep -r "http://" /path/to/module. For XML-based URLs, update the domain or use the base_url config parameter. For Python code, replace hardcoded strings with request.env['ir.config_parameter'].get_param('web.base.url').